#VU88890 Input validation error in Linux kernel - CVE-2021-46990

Vulnerability identifier: #VU88890

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46990

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in arch/powerpc/lib/feature-fixups.c. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/8382b15864e5014261b4f36c2aa89723612ee058
https://git.kernel.org/stable/c/0c25a7bb697f2e6ee65b6d63782f675bf129511a
https://git.kernel.org/stable/c/ee4b7aab93c2631c3bb0753023c5dda592bb666b
https://git.kernel.org/stable/c/2db22ba4e0e103f00e0512e0ecce36ac78c644f8
https://git.kernel.org/stable/c/0b4eb172cc12dc102cd0ad013e53ee4463db9508
https://git.kernel.org/stable/c/d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92
https://git.kernel.org/stable/c/dd0d6117052faace5440db20fc37175efe921c7d
https://git.kernel.org/stable/c/5bc00fdda1e934c557351a9c751a205293e68cbf
https://git.kernel.org/stable/c/aec86b052df6541cc97c5fca44e5934cbea4963b

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.